diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BSTAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BSTAuthenticator.java index db7839966fa..972e2eb0e67 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BSTAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BSTAuthenticator.java @@ -27,6 +27,7 @@ import org.apache.axiom.soap.SOAPHeaderBlock; import org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder; import org.apache.catalina.connector.Request; import org.apache.catalina.connector.Response; +import org.apache.commons.codec.binary.Base64; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.coyote.InputBuffer; @@ -130,7 +131,8 @@ public class BSTAuthenticator implements WebappAuthenticator { authenticationInfo.setStatus(WebappAuthenticator.Status.CONTINUE); } else { - String bearerToken = request.getAttribute("BST").toString(); + String bearerToken = new String( + Base64.decodeBase64(request.getAttribute("BST").toString().getBytes())); String resource = requestUri + ":" + requestMethod;